CSA and FedRAMP Partner on FedSTAR - A New Certification System
May 17, 2018
The Cloud Security Alliance (CSA) and the Federal Risk and Authorization Management Program (FedRAMP) have announced their partnership on a new certification system. Established in 2008, CSA is a non-profit organization that offers education and promotes security assurance best practices for cloud computing. The organization aims to “promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance”. FedRAMP, which is a government organization, is headquartered in Washington, DC, United States.
FedRAMP is a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services”. It aims to enable agencies to move from legacy IT to cloud-based IT as cost-effectively as possible and has created “processes to ensure effective, repeatable cloud security for the government”. The new FedSTAR certification system will establish “mutual recognition between the two security programs based on a common framework for deployment, use and maintenance”. FedSTAR will offer cloud service providers the tools they need to evaluate their security and conduct ongoing monitoring. Cloud providers will be offered processes and methodologies that enable them to avoid the replication inherent in the two systems.
"FedRAMP and CSA's STAR are among the most used cloud certifications world-wide, however, because they are deployed separately and incompatible, cloud service providers (CSP) spend valuable resources in duplicating efforts to comply with both systems," explained Cloud Security Alliance’s Federal Director, Kate Lewin. "Complying with multiple systems is not only confusing, costly and ineffective, but acts as a barrier to market entry for smaller companies. That's about to change with the development of FedSTAR. Now, CSPs will be able to earn two certifications with one audit, saving both time and money."
Do you know of any other organizations involved in partnerships? Let us know the details. Add your comments below.